
Rules

The following C coding rules relate to the use of signed integers in embedded software:

Rule 5.3.a.) Bit-fields shall not be defined within signed integer types.

Rule 5.3.b.) None of the bit-wise operators (i.e., &, |, ~, ^, <<, and >>) shall be used to manipulate signed integer data.

Rule 5.3.c.) Signed integers shall not be combined with unsigned integers in comparisons or expressions. In support of this, decimal constants meant to be unsigned should be declared with a u at the end.

Example

uint32_t a = 6u;
int32_t  b = -9;

if (a + b < 4)
{
    // This correct path should be executed
    // if -9 + 6 were -3 < 4, as anticipated.
}
else
{
    // This incorrect path is actually executed, as b is
    // converted to uint32_t (8-bit operands would instead
    // be promoted to int, giving -3) and -9 + 6 becomes
    // (0xFFFFFFFF - 8) + 6 = 0xFFFFFFFD.
}

Reasoning

Several details of the manipulation of binary data within signed integer containers are implementation-defined behaviors of the C standard. Additionally, the results of mixing signed and unsigned data can lead to data-dependent bugs.
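
The data dependence described above, as an added example that is not part of the Barr Group standard: the same mixed expression evaluated with 8-bit and 32-bit operands, next to one compliant rewrite. The function names and the int64_t rewrite are assumptions of this example, and it assumes int is no wider than 32 bits.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Violates Rule 5.3.c with 8-bit operands. Both are promoted to int
 * before the addition, so the sum is the mathematical result. */
bool mixed8_below_4(uint8_t a, int8_t b)
{
    return (a + b) < 4;
}

/* Violates Rule 5.3.c with 32-bit operands. Assuming int is no wider
 * than 32 bits, b is converted to uint32_t and the sum wraps mod 2^32. */
uint32_t mixed32_sum(uint32_t a, int32_t b)
{
    return a + b;
}

bool mixed32_below_4(uint32_t a, int32_t b)
{
    return (a + b) < 4;
}

/* One compliant form: cast both operands to a signed type that holds
 * every uint32_t and int32_t value, then compare signed with signed. */
bool signed_sum_below_4(uint32_t a, int32_t b)
{
    int64_t sum = (int64_t)a + (int64_t)b;
    return sum < 4;
}

int main(void)
{
    /* Constructed sample values: a = 6 with b = -9 and b = -3. */
    printf("8-bit  6 + -9 < 4: %d\n", mixed8_below_4(6u, -9));
    printf("32-bit 6 + -9 < 4: %d\n", mixed32_below_4(6u, -9));
    printf("32-bit 6 + -3 < 4: %d\n", mixed32_below_4(6u, -3));
    printf("signed 6 + -9 < 4: %d\n", signed_sum_below_4(6u, -9));
    return 0;
}
```

The 32-bit mixed comparison gives the right answer for b = -3 only because the wrapped sum lands back on 3, which is why such defects can pass testing with one data set and fail with another.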

Exceptions

None.

Enforcement

Static analysis tools can be used to detect violations of these rules.
